/>
X
Business

Train crash could be to blame for Internet derailment

A train crash in the US cut Internet cables serving seven major ISPs. Was it this, and not Code Red, that derailed the Internet on 18 July?
Written by Wendy McAuliffe, Contributor on

The Code Red virus was not to blame for the Internet slowdown experienced in America last month - it was caused by a train crash in the eastern-US city of Baltimore.

According to Internet performance company Keynote, at the time at which Code Red was programmed to start to scan for vulnerable Web servers -- on 18 July -- a CSX train carrying hazardous materials was derailed in the Howard Street tunnel in Baltimore. The subsequent fire severed cables and burnt through a massive Internet pipe serving seven of the biggest US Internet Service Providers (ISPs).

Analysis by Keynote has revealed that the backbone slowdown was specific to those backbones with high-speed connections running through the tunnel. "If the slowdown had been due to the worm, it would not have been selective of the backbones and geography but would have affected all backbones and the Internet as a whole, across geographical boundaries," concludes the Keynote Internet Health Report.

The time-sensitive worm replicates between Windows 2000 servers, and exploits the so-called Index Server flaw. The addresses of the servers that Code Red attacks are generated randomly, but because of a bug, each copy of the worm will try to attack the same list of servers. Once executed, the worm will start to create copies of itself in memory to attack even more IIS servers at the same time.

Keynote claims that when Code Red was at its most rampant last month, it had very little effect upon Internet traffic. In the 48 hours since the worm was programmed to begin re-propagating itself, their analysis shows that "no affect on performance" has been experienced.

"It is very plausible that the two things could have come together -- we never predicted that the Internet would slow down, and we never expected Code Red to have that much impact," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

By lunchtime on Thursday, reports claimed that 238,967 servers had been affected by the Code Red worm, though it has caused no noticeable disruption to the Internet.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards

Related

The 21 best Black Friday deals under $30
Amazon Fire TV Stick 4K

The 21 best Black Friday deals under $30

The 62 best Black Friday deals you can shop at Costco right now
LG 65" Class - QNED80 Series

The 62 best Black Friday deals you can shop at Costco right now

The 52 best Black Friday deals on Amazon that are still available
Image of Amazon Echo Show 8 on a wooden table in front of a person cooking and folding pastry dough.

The 52 best Black Friday deals on Amazon that are still available